Information Security Threats: Why Small Business is Such a Big Target

Some small companies may think that they’re not on the radar ofinformation thieves.

But last spring, Steve Chabot, the small business committee chairman, informed a Washingtonhearingthat 71% of cyber attacks occur at businesses with fewer than 100 employees.

“The majority ofcyber attackshappen at small businesses,” he said.

What makes small businesses such a big target for information security threats?

Lax security:While most small business owners know they must comply withprivacy laws and legislation, the2015 Shred-it InformationSecurity Tracker surveyshowed that 37% have no protocols in place for secure destruction of confidential information, and 35% have no cyber security policy.

Solutions: Implement a formal information security plan. Train employees, and make security a part of company culture.

Limited budget:Chabot also pointed out that small businesses often have limitedsecurity budgets.

Solutions: Investing in data security is essential, but it’s not all about huge spending. For example, there are simple ways to rally employees to help protect data. Providelocked consolesfor documents that are no longer needed, and remind employees to use them with online and workplace reminders.

Easy targets: Small businesses have more digital assets than individuals... but less security than larger enterprises. At the same time, cyber criminals are more likely to use stolen credit cards with small and medium-sized online merchants. Card-not-present scams are on the increase.

Source of information:In an online article, Towergate Insurance reported that82% ofsmall business ownersthink they don’t have anything worth stealing.But a small business keeps employee and customer data, bank account information, and other financial and intellectual information, which is all valuable to criminals.

Solutions:Protectconfidential informationwith encryption and two-step verification but also by verifying financial requests by phone with banks, vendors, clients, and employees.

Gateway:Small businesses can be a stepping stone to other larger companies, and large breaches often start this way.

Response plan issues:Towergate reported that 31% of small businesses lack a plan of action for responding to asecurity breach. Without one, companies may not detect an attack or not follow the proper protocol to contain it. Also, the average data breach can cost a company millions of dollars, and “not having a plan raises those costs 10 to 15%,” said industry leaderLarry Ponemon.

Trust factors:Small businesses tend to be tight-knit and therefore, trusting of employees and business partners. Butinsider fraudis on the rise (the Association of Certified Fraud Examiners reported that it cost $3.7 trillion across the globe in 2014).

Shred-it® is a Stericycle solution.North American Shred-it locations are NAID Certified for mobile document destruction, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.